/src/strongswan/fuzz/fuzz_ike.c

Source
/*
 * Copyright (C) 2026 Arthur SC Chan
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include <daemon.h>
#include <library.h>
#include <encoding/message.h>

int LLVMFuzzerInitialize(int *argc, char ***argv)
{
  dbg_default_set_level(-1);
  library_init(NULL, "fuzz_ike");
  libcharon_init();
  return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
  message_t *message;
  packet_t *packet;

  /* Minimum IKE header size for fuzzing meaningful IKE headers effectively */
  if (len < 28)
  {
    return 0;
  }

  /* Create packet from fuzzer input */
  packet = packet_create_from_data(host_create_from_string("192.0.2.1", 500),
                   host_create_from_string("192.0.2.2", 500),
                   chunk_clone(chunk_create((u_char*)buf, len)));
  if (!packet)
  {
    return 0;
  }

  /* Fuzz IKE message parsing and processing */
  message = message_create_from_packet(packet);
  if (message)
  {
    if (message->parse_header(message) == SUCCESS)
    {
      message->parse_body(message, NULL);
    }
    message->destroy(message);
  }
  return 0;
}

Line	Count	Source
1		/*
2		* Copyright (C) 2026 Arthur SC Chan
3		*
4		* Copyright (C) secunet Security Networks AG
5		*
6		* This program is free software; you can redistribute it and/or modify it
7		* under the terms of the GNU General Public License as published by the
8		* Free Software Foundation; either version 2 of the License, or (at your
9		* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10		*
11		* This program is distributed in the hope that it will be useful, but
12		* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13		* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14		* for more details.
15		*/
16
17		#include <daemon.h>
18		#include <library.h>
19		#include <encoding/message.h>
20
21		int LLVMFuzzerInitialize(int argc, char **argv)
22	2	{
23	2	dbg_default_set_level(-1);
24	2	library_init(NULL, "fuzz_ike");
25	2	libcharon_init();
26	2	return 0;
27	2	}
28
29		int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
30	2.76k	{
31	2.76k	message_t *message;
32	2.76k	packet_t *packet;
33
34		/* Minimum IKE header size for fuzzing meaningful IKE headers effectively */
35	2.76k	if (len < 28)
36	9	{
37	9	return 0;
38	9	}
39
40		/* Create packet from fuzzer input */
41	2.75k	packet = packet_create_from_data(host_create_from_string("192.0.2.1", 500),
42	2.75k	host_create_from_string("192.0.2.2", 500),
43	2.75k	chunk_clone(chunk_create((u_char*)buf, len)));
44	2.75k	if (!packet)
45	0	{
46	0	return 0;
47	0	}
48
49		/* Fuzz IKE message parsing and processing */
50	2.75k	message = message_create_from_packet(packet);
51	2.75k	if (message)
52	2.75k	{
53	2.75k	if (message->parse_header(message) == SUCCESS)
54	2.69k	{
55		message->parse_body(message, NULL);
56	2.69k	}
57	2.75k	message->destroy(message);
58	2.75k	}
59	2.75k	return 0;
60	2.75k	}

Coverage Report

Created: 2026-03-07 06:50